A colleague who worked for a company recently told me about their testing process and how comprehensive the tests were, and that they also conducted network penetration tests on the application systems to ensure their full security. I think it sounds like a waste of time and resources. Do you agree with me? Is it good to implement network penetration testing when ensuring application system security? If so, what would be the benefit?

Having robust, fully tested applications in a vulnerable network does not make much sense when the network itself has unknown vulnerabilities in its configuration or processes. Although hackers today attack web applications directly, they will not hesitate to take alternative paths to break into an organization and steal information assets.

Of these two types of penetration test, you're right that application system penetration testing is the more important. As I just said, this is because application systems are the focus of current attacks, and the network should already be protected by perimeter defenses such as firewalls, intrusion detection systems, and antivirus gateways. It is perimeter defenses like these that force hackers to shift their targets to application systems.

However, it is important to test whether network security devices run as expected and actually protect the network. When systems are integrated or deployed, the interaction of multiple devices, services, and functions creates unexpected vulnerabilities that can often be found only by penetration testing the system as a whole. The process of proactively analyzing a system for potential vulnerabilities can start with bad or incorrect system configurations, followed by known and unknown hardware or software flaws, and operational weaknesses in processes and technical countermeasures.

Network penetration testing can examine controls such as password selection, the configuration of servers, firewalls, and IDS, trust relationships between systems, and the resistance of remote access points to overflow attempts, as well as the ability of network defenses to successfully detect and respond to attacks.

Section 11.3 of PCI DSS (Payment Card Industry Data Security Standard) requires external and internal penetration testing at least once a year, covering both the network layer and the application layer, and after any major infrastructure or application upgrade or modification. Industry standards such as ISO 27001 also define it as one of the important security tests that an organization should perform on a regular basis. In addition, the results of a network penetration test provide evidence to support increased investment in security personnel and technology. Now, this has become a very worthwhile thing to do.

Executive Editor: Shang. Original: Through the network penetration test to ensure the application safe